"One big area for us was looking at everything that is external facing and what types of examination should that have in terms of our attack surface. Another area we looked at is how we're doing authentication, have we implemented risk-based authentication across the board and where can we infuse that further into the process?"
He also sought to aggressively enforce segmentation, deciding which data could be lumped together and which should be kept separate. "This has been a great thing for us in terms of looking at how to quickly implement areas of control," Schwartz added.
Another successful attack would be nothing short of catastrophic.
Training has been key. The 2011 breach started when an employee opened an Excel document in an email, not realising it would open up their machine to infection. Worker training has now gone much deeper, according to the CSO, with more innovative methods tested out.
"There are techniques that are more invasive, more aggressive, where if you do well I'll reward you, but if you don't I'll make a public spectacle of you in some way," Schwartz said. "The point is, is that there are innovative ways to do that."
RSA will want to keep a close eye on its supply chain too. The hackers behind the 2011 hit did not want saleable data from the security firm, but was after the keys to others' infrastructure, most notably that of US government contractor Lockheed Martin. RSA won't want to fall thanks to partner insecurities and Schwartz said the company was reviewing what best practices should be in relation to supply chain.
"We're talking to others that are doing it as well and asking what else can we do to get even deeper visibility in the process," he said. "When you're a global entity like EMC, there are certain places where you do things where it is very easy to gain visibility, but there are other parts of the world where it becomes tougher to get that level of assurance.
"We're looking at where the risk is, where we have a lot of assurance and visibility and where maybe we need to deal with things either at the contractual level, the surveillance level or testing level."
Here's hoping Schwartz can help RSA avoid any further embarrassment. Another successful attack would be nothing short of catastrophic.
There may be trouble ahead
Despite its successful damage limitation exercise, it would be naive to agree the breach is fully behind RSA. There remain unanswered questions. Questions that the company is refusing to answer.
It is still unclear who was behind the attacks, even though RSA claimed last year a nation state was to blame, or whether law enforcement is hoping to apprehend the perpetrators. "We're not providing any attribution on it," Heiser said, adding that RSA was not investing in capturing the crooks and did not know whether the FBI or others were investigating.
RSA may benefit from a lack of police activity. If arrests are made, it will only refresh customers' and potential clients' memories. RSA does not want people to continually associate it with the events of last year.
Instead, the company would benefit from the power of forgetting' - to borrow a term from security guru Bruce Schneier. RSA knows it will continue to face questions over the compromise, but by placating people with a positive, ostensibly open strategy and having data to support that, the company will continue to do a good job at curbing negative opinion. In terms of acquiring new customers, rather than just appease current ones, that will be vital.
The company will have its fingers crossed nothing dirty emerges from the thin cracks that remain open. If nothing does seep out, and that currently looks likely, the hack, not RSA, will have successfully been buried six feet under.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionalsAnalysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever
-
RSAC Conference day three: using AI to do more with less and facing new attack techniques
-
"There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systemsNews Evaluating the risks of dynamic, evolving AI networks is slow work for cybersecurity analysts
-
Cyber defenders need to remember their adversaries are human, says Trellix research headThere's a growing overlap between nation-state actors and cybercriminals, but these attackers are real people who make mistakes
-
RSAC Conference day two: A focus on new hacking tacticsFrom quantum to AI, experts discussed how new and experimental technologies could be used by hackers to access and decrypt sensitive data
-
RSAC Conference Day One: Vibe Is 'All In' on AI for SecurityNews Artificial intelligence took center stage as RSAC Conference looks at how the discussion has moved from generative AI to agentic AI
